One of the ways Yontoo traps its victims is with the promise of movie trailers. Before users can "watch" that trailer, however, scammers require them to download a plug-in that really only installs Yontoo.

"After clicking on 'Install the plug-in,' the user is redirected to another site from which Trojan.Yontoo.1 is downloaded," Doctor Web said. Criminals, however, have also spread Yontoo with the promise of a media player, a video quality enhancement program, or a download accelerator.

Yontoo will ask users via a pop-up window (above) if they want to install "Free Twit Tube." But if the user clicks "continue," the Trojan downloads and installs itself as a plug-in for Safari, Chrome, and Firefox on the Mac.

"While a user surfs the web, the plugin transmits information about the loaded pages to a remote server," Doctor Web said. "In return, it gets a file that enables the Trojan to embed third-party code into pages visited by the user."

Doctor Web showed a screen shot of Apple.com (below), which included bogus "DropDownDeals" for Apple products.

Doctor Web added Yontoo to its virus database on March 15.

These types of attacks have been around for some time on Windows. But as Doctor Web noted, "adware for Mac OS X has been increasing in number since the beginning of 2013" and Yontoo is the most prominent.

About the Author

Before joining PCMag.com, Chloe covered financial IT for Incisive Media in NYC and technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's deg...